CVE-2018-11727
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.
Source: CVE-2018-11727
CVE-2018-8727
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
Source: CVE-2018-8727
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
Source: CVE-2018-11537
CVE-2015-4043
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
Source: CVE-2015-4043
CVE-2018-11526
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
Source: CVE-2018-11526
CVE-2018-11525
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
Source: CVE-2018-11525
CVE-2018-6210
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
Source: CVE-2018-6210
CVE-2018-12582
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.
Source: CVE-2018-12582
CVE-2018-12583
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.
Source: CVE-2018-12583
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session[‘user_agent’] in the "Login Sessions" feature.
Source: CVE-2018-12580